Skills by affaan-m

Backend architecture patterns, API design, database optimization, and server-side best practices for Node.js, Express, and Next.js API routes.

Universal coding standards, best practices, and patterns for TypeScript, JavaScript, React, and Node.js development.

This skill provides security checklists for application and cloud infrastructure deployment. It instructs reading secrets (`const apiKey = process.env.OPENAI_API_KEY`, `SecretId: 'prod/api-key'`) and includes shell/CLI commands such as `aws iam enable-mfa-device`.

Frontend development patterns for React, Next.js, state management, performance optimization, and UI best practices.

Idiomatic Go patterns, best practices, and conventions for building robust, efficient, and maintainable Go applications.

Use this skill when writing new features, fixing bugs, or refactoring code. Enforces test-driven development with 80%+ coverage including unit, integration, and E2E tests.

PostgreSQL database patterns for query optimization, schema design, indexing, and security. Based on Supabase best practices.

Dangerous skill: reads local session observations (`~/.claude/homunculus/observations.jsonl`), installs hooks in `~/.claude/settings.json`, and invokes external analysis (`claude --model haiku`) and HTTP fetches. It claims observations stay `local` while the code calls `claude` and `urllib.request.urlopen`, enabling external transmission of session content.

This skill documents Go testing patterns (TDD, table-driven tests, benchmarks, fuzzing, and coverage) with examples and CI snippets. It includes explicit CLI commands such as `go test` and `go tool cover -html=coverage.out`; executing these commands is the only security-relevant behavior and is purpose-aligned.

This skill extracts reusable patterns from Claude Code sessions and saves learned skills to `~/.claude/skills/learned/` via a Stop hook. It installs and runs the shell command `~/.claude/skills/continuous-learning/evaluate-session.sh` and instructs modifying `~/.claude/settings.json`, which grants script execution on session end.

Suggests manual context compaction at logical intervals to preserve context through task phases rather than arbitrary auto-compaction.

Spring Boot architecture patterns, REST API design, layered services, data access, caching, async processing, and logging. Use for Java Spring Boot backend work.

ClickHouse database patterns, query optimization, analytics, and data engineering best practices for high-performance analytical workloads.

This skill documents Spring Boot security best practices for auth, validation, CSRF, secrets, headers, rate limiting, and dependency scanning. It instructs using env vars like `DB_PASSWORD` and `VAULT_TOKEN`, configures `https://vault.example.com` and `https://app.example.com`, and recommends running dependency scanners in CI.

Pattern for progressively refining context retrieval to solve the subagent context problem

Pythonic idioms, PEP 8 standards, type hints, and best practices for building robust, efficient, and maintainable Python applications.

The skill is an evaluation framework for Claude Code sessions that defines, runs, and stores evals under `.claude/` and reports pass@k metrics. It includes explicit shell commands such as `grep -q "export function handleAuth" src/auth.ts`, `npm test -- --testPathPattern="auth"`, and `npm run build` for running graders and tests.

Test-driven development for Spring Boot using JUnit 5, Mockito, MockMvc, Testcontainers, and JaCoCo. Use when adding features, fixing bugs, or refactoring.

Python testing strategies using pytest, TDD methodology, fixtures, mocking, parametrization, and coverage requirements.

This skill documents Django security best practices for authentication, CSRF, XSS, SQL-injection mitigation, file uploads, and production settings. It instructs reading secrets from environment variables such as `DJANGO_SECRET_KEY` and using `.env` via `environ.Env.read_env()`; no shell execution or external-data exfiltration is instructed.

JPA/Hibernate patterns for entity design, relationships, query optimization, transactions, auditing, indexing, pagination, and pooling in Spring Boot.

Provides Django architecture patterns and production-grade examples for project layout, models, DRF, caching, signals, and middleware. Examples read environment variables such as `DJANGO_SECRET_KEY`, `DB_NAME`, `DB_USER`, `DB_PASSWORD`, `DB_HOST`, `DB_PORT` and write logs to `/var/log/django/django.log`, which are purpose-aligned configuration accesses.

This skill documents Django TDD testing patterns using `pytest`, `factory_boy`, and Django REST Framework. It includes example shell commands such as `pytest --cov=apps --cov-report=html --cov-report=term-missing` and `open htmlcov/index.html`; no instructions to access secrets, external networks, or store credentials were found.

Interactive installer for Everything Claude Code — guides users through selecting and installing skills and rules to user-level or project-level directories, verifies paths, and optionally optimizes installed files.

REST API design patterns including resource naming, status codes, pagination, filtering, error responses, versioning, and rate limiting for production APIs.

Process, convert, OCR, extract, redact, sign, and fill documents using the Nutrient DWS API. Works with PDFs, DOCX, XLSX, PPTX, HTML, and images.

Provides Docker and Docker Compose patterns for local development, container security, networking, volumes, and multi-service orchestration. Contains explicit shell commands like `docker compose up` and `docker compose exec app sh`, network endpoints such as `http://localhost:3000/health` and `postgres://postgres:postgres@db:5432/app_dev`, and uses environment variables like `API_KEY` and `.env`.

Scan your Claude Code configuration (.claude/ directory) for security vulnerabilities, misconfigurations, and injection risks using AgentShield. Checks CLAUDE.md, settings.json, MCP servers, hooks, and agent definitions.

This skill provides Playwright E2E testing patterns, Page Object Model examples, artifact handling, and CI integration. It references `process.env.BASE_URL`, `process.env.CI`, and includes shell steps like `npx playwright test` in CI configuration.

This skill provides deployment workflows, CI/CD patterns, Dockerfiles, and production-readiness checklists. It includes explicit shell/CI commands (e.g., `RUN npm ci`, `kubectl set image`) and instructs use of external services/domains (`ghcr.io`) and secrets/env vars (`DATABASE_URL`, `GITHUB_TOKEN`).

Database migration best practices for schema changes, data migrations, rollbacks, and zero-downtime deployments across PostgreSQL, MySQL, and common ORMs (Prisma, Drizzle, Django, TypeORM, golang-migrate).

Java coding standards for Spring Boot services: naming, immutability, Optional usage, streams, exceptions, generics, and project layout.

Use only when writing/updating/fixing C++ tests, configuring GoogleTest/CTest, diagnosing failing or flaky tests, or adding coverage/sanitizers.

A comprehensive verification system for Claude Code sessions.

Example project-specific skill template based on a real production application.

Verification loop for Spring Boot projects: build, static analysis, tests with coverage, security scans, and diff review before release or PR.

Verification loop for Django projects: migrations, linting, tests with coverage, security scans, and deployment readiness checks before release or PR.